Security Community Blog

Showing posts tagged with 11.x
Showing posts in English
Sushanta | 03 May 2012 | 0 comments

Hi,

I want to implement Split Tunneling for VPN Users in my Enterprise. While I do that I do want to have a restricted policy for the VPN users when they are off network and connected remotely. At the same time I do want to have the same policy applied to the users when they are on the network directly from office location.

Please suggest best practices. If anybody has implemented this in any of their companies, please help.

Thanks,

Sushanta

Sumit G | 21 Apr 2012 | 0 comments

SmcService does not start (Windows XP).

Problem

Windows could not start the “Symantec Management Client” service.

Symptoms

When trying to start the service, an error is displayed on screen (Error 1053: The service did not respond to the start or control request in timely fashion)

Cause

This problem is occurring due to some Symantec service effect.

Solution

  • Go to Run.
  • Open Services.msc.
  • Under Services, double-click “Symantec Management Client”.
  • Go to the Log On tab.
  • Uncheck “Allow service to interact with desktop”.

...

AR Sharma | 15 Mar 2012 | 1 comment

Recently, major vulnerabilities in the Microsoft Remote Desktop Protocol (RDP) were identified and a patch was released by Microsoft. These vulnerabilities are categorized as 'critical' by all security forums. All organizations, whether small, medium or large, are sensitized and working on patch deployment and/or workarounds to fix them.

Patch deployment (especially in desktops) is a substantial activity. This may take days or even weeks or more to get completed.

So the question arises: what can be done to immediately remediate the threat while keeping business as usual? The answer lies in identifying the users who use RDP and patching those users' machines on priority. All the remaining machines can be taken care of in due course.

There could be many workarounds. One of them could be using the SEP host-based firewall. Using a SEP host-based firewall policy, incoming RDP connections can be blocked. This policy can be applied to all clients in almost...

Sumit G | 03 Feb 2012 | 2 comments

Problem

Need to set a password to disable the Smc service

Cause

A password is required for security purposes

Solution

Go to SEPM.

Log in to the console with the Admin ID.

Go to the Client tab and choose the group where you want to set the password.

Under that group, choose the Policy tab.

Click on General Setting, then on Security Setting.

There are four options available.

Check "Require a password to stop the client service".

Enter the password that is mentioned on the right-hand side of the security tab.

Then click OK, right-click on that group and update the content.

It will set the password to...

AR Sharma | 21 Jan 2012 | 4 comments

What actually happens in a war? We tend to destroy airports, bridges, refineries, power plants, nuclear plants etc. These are the basics of the economy of any country. How much do we spend in war? Billions of dollars!

Stuxnet, a piece of malware, exploited many vulnerabilities of SCADA systems and destroyed Iran's nuclear power plant. It set Iran's nuclear power plant 6-7 years behind. All this was done without any socio-economic disturbance. No war fought. No loss of lives. SCADA systems are used in nuclear power plants, refineries and other industries where PLCs (Programmable Logic Controllers) are used. Manufacturers of this kind of system are Siemens, Honeywell, ABB etc.

Such a huge impact of Stuxnet is not a matter of chance. Stuxnet must have been made carefully for this purpose. A huge investment might have gone into Stuxnet too.

Looking at the impact and cost of Stuxnet, it would be an insult to it if we call Stuxnet malware. It's actually the first CYBER WEAPON...

GrahamA | 11 Jan 2012 | 0 comments

Happy new year to you all!

The Symantec LUA team released version 2.3.1 in Dec. Just a quick status update for you in relation to how things have been going since then.

We've seen over 200 successful customer installs/upgrades of LUA 2.3.1 so far and feedback has been very positive.

As a recap, 2.3.1 introduced the following enhancements:

  • The LUA web server service will now automatically restart if it crashes or terminates unexpectedly.
  • LUA will now automatically install and utilise an optimised private Java Runtime Environment (version 1.6 update 27). This also means it is no longer necessary to separately install a public JRE for use by LUA.
  • It is now possible for LUA to automatically run multiple specified distribution tasks after a download task completes.
  • New quick link added to the user interface which allows customers to quickly and easily capture all LUA-related troubleshooting...

Seyad | 14 Sep 2011 | 0 comments

Issue:

Installing NTP on the cluster blocks the communication between Windows Server 2008 Failover cluster nodes
Following the article TECH91154 doesn't resolve the issue.

Cause:

By default, the "Microsoft Failover Cluster Virtual Adapter" (NetFT.sys) uses IPv6 to communicate with other nodes in the cluster. If you have an IPv4 configuration, then IPv6 is tunneled over IPv4 to establish sessions with remote nodes. If IPv6 is completely unavailable in your environment, the nodes will then communicate by IPv4. It is possible to disable IPv6 and still have the cluster function correctly but it is recommended to enable IPv6 with Windows 2008, 2008 R2 Failover clustering.

Reference: For more information about IPv6 on cluster please refer to the below article from "Windows Failover Cluster Team":
...

pannawich pornwattana | 01 Sep 2011 | 0 comments

This problem occurs when you have installed SEP 12.1 and then want to activate the license.

To fix it, check the following: go to Control Panel > Regional and Language > change every setting that is set to Thai to English (any variant works, whether USA or England)

> then restart once > try to activate again

If you want to use Thai, change it back after the activation has finished.

pannawich pornwattana | 01 Sep 2011 | 0 comments

A problem often encountered in SEPM is "Why do some clients update while others do not?"

Do the following: first check on the manager machine whether its definitions are the latest version. If not, go to the Admin tab and choose Server > Local Server > Live Update,

then try clicking Update Content.

If you click Live Update on the manager and it shows error return code 4, first check whether the server can connect to the internet. Normally, return code = 4 means it cannot connect to the internet.

Once the manager machine has been updated to the latest definitions, you can click Update Content right away to distribute the new definitions to the machines that have not yet updated.

As for the machines that updated before the manager, and why they updated: first check the LiveUpdate policy to see whether the option that allows client machines to update over the internet is ticked, because if it is ticked and the server does not update, the client machine will fetch definitions from Symantec's server...

mon_raralio | 06 Jul 2011 | 0 comments

First of all, I'll admit that this is not my best blog so far. It looks like I'm rambling. But I hope that, on the chance that you'll read this in its entirety, you'll learn something related to malware removal.

This was checked in for fixing. It's a laptop with Wi-Fi capability, used in one of the branch offices. Just looking at the shortcut icons shows that it is being used for unrestricted broadband Internet connections. The laptop was obviously infected. The SAV client was disabled and none of the software ran. The nature of the threat also disables the task manager, the folder options, and the command prompt. Other default MS software is also disabled, and the main concern here is to be able to run the AV first.

To be able to check this further, I needed to 1.) gain access to the programs, and 2.) identify the malware.

The first one would be a challenge. I started with identifying the malware which is pretty much...